EC2 101 Flashcards
What is EC2?
A web service that provides resizable compute capacity in the cloud.
What is the EC2 On Demand Pricing Model?
Allows for paying a fixed rate by the second/hour with no commitment.
What is the EC2 Reserved Pricing Model?
Provides reserved capacity with significant discounts on the hourly rate.
What is the EC2 Spot Pricing Model?
Allows for bidding a price for excess instance capacity, providing greater cost savings for applications that have flexible start and end times.
What is the EC2 Dedicated Hosts Pricing Model?
Physical EC2 servers dedicated for your use.
What is the use case for EC2 On Demand?
Applications with short term, spiky, or unpredictable workloads that cannot be interrupted.
What is the use case for EC2 Reserved?
Applications with steady state or predictable usage, or those that require reserved capacity.
What is the use case for EC2 Spot?
Applications that have flexible start and end times or that are feasible at very low compute costs, or users with urgent computing needs for large amounts of additional capacity.
What is the use case for Dedicated Hosts?
Useful for regulatory requirements or licensing that does not support multi tenancy.
True or False: If the EC2 Spot instance is terminated by AWS you will not be charged for a partial hour of usage.
True; however, if you terminate it yourself, you will be charged for any hour in which the instance ran.
True or False: EC2 Termination Protection is turned on by default.
False; it is not turned on by default. Termination Protection protects the EC2 instance from accidental deletion.
True or False: On an EBS Backed EC2 instance, the default action is for the root EBS volume to be deleted when the instance is terminated.
True; this can be changed by unchecking the delete on termination box. However, additional volumes are not automatically deleted upon termination by default.
Can EBS EC2 Root Volumes of default AMIs be encrypted?
Yes, this can be done during the provisioning of the instance. Additional volumes can also be encrypted. Encryption can also be done after the instance has been created.
How long does it take for a rule change to a Security Group to take effect?
It takes effect immediately.
True or False: All Security Group inbound traffic is blocked by default.
True; rules must be added to allow access to the service the Security Group is managing access to.
Are Security Groups Stateful or Stateless?
Security Groups are stateful, meaning that all outbound traffic is allowed; there is no need to define outbound rules.
True or False: There is no limit on the number of EC2 instances in a Security Group.
True
True or False: You can only have one Security Group attached to an EC2 instance.
False; you can have multiple Security Groups attached to an EC2 instance.
True or False: Security Groups allow for blocking specific IP Addresses or Ports.
False; while specific IP addresses or ports cannot be explicitly blocked, a port is still blocked if no rule enables access to it. Use NACLs for specific blocking.
True or False: Security Groups are Universal.
False; Security Groups are Regional. If you set up an EC2 instance in a different Region than your Security Group, a new one will need to be created.
How can metadata and user data about an EC2 instance be obtained?
Metadata, such as public IP address:
curl http://169.254.169.254/latest/meta-data/
User data, such as bootstrap scripts:
curl http://169.254.169.254/latest/user-data/
What are EC2 Placement Groups?
They are a way of configuring the placement of interdependent EC2 instances on the underlying hardware to meet the needs of a specific workload.
- Cluster
- Spread
- Partition
What is a Cluster Placement Group?
A grouping of EC2 instances within a single AZ, used for applications that need low network latency and/or high network throughput.
What is a Spread Placement Group?
A grouping of instances that are each placed on distinct underlying hardware. They are used for applications that have a small number of critical instances that should be kept separate from each other.
What is a Partitioned Placement Group?
A group of instances that are broken into logical subgroups, e.g. 9 instances in groups of 3. Each grouping is a partition, and each partition is placed on distinct underlying pieces of hardware. It is used for similar applications as in Spread Placement.
True or False: An existing EC2 instance can be placed into a Placement Group.
True; however, it must be in the Stopped state, and must be done using the CLI, not the console. Also, you cannot merge Placement Groups.
What is the AWS Web Application Firewall?
WAF is a web application firewall that allows the monitoring of HTTP and HTTPS requests that are forwarded to CloudFront, an Application Load Balancer, or API Gateway, and also allows control of access to content.
What can AWS WAF do?
It can block access from specific IP addresses or specific countries. It can also block based on request headers, request strings, request lengths, SQL injection, or cross-site scripting.
Who is responsible for patching and updating EC2 instances?
The user is responsible for updating and patching the OS.